Why zero is the most important figure for a CISO

Zero trust, zero-day, patient zero, zero hour: these are concepts with a considerable impact on the world of cyberdefence and therefore on the work of a CISO, a role whose responsibilities within a company are changing significantly.

August 2025, Text: Andreas Heer, Image: Swisscom, 8 min.

How nightmares begin for security officers: at the start of June 2025, a critical vulnerability was disclosed in the webmail software Roundcube, affecting at least 85,000 instances worldwide; other sources even spoke of 53 million potentially affected systems. Shortly after the patch was released, cybercriminals were already exploiting the vulnerability, so immediate updating was required.

This vulnerability shows why zero is such a key figure for cyberdefence and cyber resilience. Strictly speaking, the Roundcube flaw was exploited only after the vendor had released a fix, which makes it an n-day rather than a true zero-day; for an operator who has not yet patched, however, the exposure is the same. After all, these zeroes are more than buzzwords; they represent interrelated risk and resilience aspects that CISOs have to regard holistically and strategically:

  • Zero trust: a security model that grants no implicit trust and continuously verifies the identity and context of every user, device and access request, so that attacks can be detected and stopped at an early stage.
  • Zero-day: a security vulnerability of which the vendor is not yet aware and for which no patch therefore exists, giving attackers a window of opportunity to exploit it.
  • Patient zero: the first device or account compromised in an incident. Identifying it reveals the attacker's entry point and their tactics, techniques and procedures (TTPs), and speeds up containment and remediation.
  • Zero hour: the critical moment at which a serious attack is detected and the incident response process is triggered.
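To make the patient zero point concrete, here is an added example (not code from the original article) that reconstructs an attacker's path from lateral-movement telemetry and derives both patient zero and the containment scope. The log lines, host names and field names (src, dst, technique) are constructed for the example; the event format is an assumption, not any product's real schema.

```python
"""Trace lateral movement back to patient zero and forward to the blast radius.

Added example, not code from the original article. All events, host names and
the 'ts src=.. dst=.. technique=..' line format are constructed assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class Move:
    ts: datetime
    src: str
    dst: str
    technique: str


# Constructed sample: one line per successful remote logon, as an EDR or
# SIEM might normalise it. Includes unrelated admin activity as noise.
SAMPLE_EVENTS = [
    "2025-06-03T07:00:00Z src=admin-pc dst=dc-01 technique=RDP",        # routine admin
    "2025-06-03T07:10:00Z src=dc-01 dst=hr-01 technique=RDP",           # routine admin
    "2025-06-03T08:05:19Z src=ws-017 dst=ws-009 technique=RDP",
    "2025-06-03T09:14:02Z src=ws-017 dst=fs-01 technique=SMB_admin_share",
    "2025-06-03T09:22:40Z src=fs-01 dst=ws-042 technique=WMI_exec",
    "2025-06-03T09:31:11Z src=ws-042 dst=dc-01 technique=PsExec",
    "2025-06-03T10:02:55Z src=dc-01 dst=backup-01 technique=RDP",
    "2025-06-03T10:30:00Z src=ws-099 dst=ws-017 technique=RDP",         # after detection
]


def parse_ts(raw):
    return datetime.strptime(raw, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_events(lines):
    """Parse the constructed log format into Move records sorted by time."""
    moves = []
    for line in lines:
        ts_raw, *kv = line.split()
        fields = dict(item.split("=", 1) for item in kv)
        moves.append(Move(parse_ts(ts_raw), fields["src"], fields["dst"], fields["technique"]))
    return sorted(moves, key=lambda m: m.ts)


def trace_back(moves, detected_host, detected_at):
    """Walk inbound logons backwards from the host where the incident surfaced.

    Heuristic: at each hop, take the most recent inbound logon that precedes the
    moment the current host itself started moving outward. Returns the chain
    oldest hop first; the first hop's src is the candidate patient zero.
    """
    chain, seen = [], {detected_host}
    host, before = detected_host, detected_at
    while True:
        inbound = [m for m in moves if m.dst == host and m.ts < before and m.src not in seen]
        if not inbound:
            break
        hop = max(inbound, key=lambda m: m.ts)
        chain.append(hop)
        seen.add(hop.src)
        host, before = hop.src, hop.ts
    chain.reverse()
    return chain


def blast_radius(moves, origin, since):
    """Hosts reachable from origin via logons at or after `since`: the minimum
    containment scope once patient zero and its earliest outbound move are known."""
    reached, frontier = {origin}, [(origin, since)]
    while frontier:
        host, t = frontier.pop()
        for m in moves:
            if m.src == host and m.ts >= t and m.dst not in reached:
                reached.add(m.dst)
                frontier.append((m.dst, m.ts))
    reached.discard(origin)
    return sorted(reached)


def investigate(lines, detected_host, detected_at_iso):
    """Full workflow: parse, trace back to patient zero, then scope containment."""
    moves = parse_events(lines)
    detected_at = parse_ts(detected_at_iso)
    chain = trace_back(moves, detected_host, detected_at)
    pz = chain[0].src if chain else detected_host
    first_out = min((m.ts for m in moves if m.src == pz), default=detected_at)
    return {
        "patient_zero": pz,
        "chain": [f"{m.src} -> {m.dst} ({m.technique}, {m.ts:%H:%M:%S})" for m in chain],
        "containment_scope": blast_radius(moves, pz, first_out),
    }


if __name__ == "__main__":
    # Constructed alert: EDR fired on backup-01 at 10:05 UTC.
    for key, value in investigate(SAMPLE_EVENTS, "backup-01", "2025-06-03T10:05:00Z").items():
        print(f"{key}: {value}")
```

The walk-back is a heuristic: for each host it takes the most recent inbound logon before that host started moving outward, so it cannot by itself tell an attacker's session from routine administration (the admin-pc logon to dc-01 is skipped only because a more recent inbound logon exists). In a real investigation the resulting chain is a starting point to be confirmed against process and authentication evidence on each host, not a verdict; the same time bound is what keeps hr-01, reached from dc-01 hours before the attacker arrived there, out of the containment scope.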

An understanding of these zero concepts and their impact is crucial for protecting company resources and ensuring business continuity. They therefore shape strategic cyberdefence planning and reflect changed protection requirements, so that incidents such as the Roundcube case can be responded to promptly and appropriately.

How the role of the CISO is changing

Today’s IT landscape extends well beyond the traditional perimeter: cloud services, IoT devices and home offices. These factors accelerate the shift away from perimeter-based security concepts and make the zero concepts the basis for best practices and for strengthening cyber resilience. In response to the changes in both the threat landscape and the defensive measures, the role of the CISO is changing: concepts such as zero trust raise the strategic importance of cyberdefence for ensuring smooth business operations.

The market research company Gartner has defined four phases for this development. They show the position of CISO moving from a reactive to a proactive role, covering a number of functions:

  1. Security and compliance manager: establishes the foundations for security policies, implements security measures and ensures compliance with regulatory requirements.
  2. Cyber risk management officer: the role extends beyond technical responsibilities and places cybersecurity within the context of corporate risks.
  3. Key member of the risk management team: an integral part of the risk management team, the CISO’s assessments are of strategic importance and cyber risks are expressed in terms of their business impact. Cyber risk quantification (CRQ) is becoming an important tool.
  4. Strategic business enabler: cybersecurity and cyber risk management are becoming strategic factors for company development. Cyber risk appetite is evolving into an important aspect of strategic development. 

This development requires CISOs to go beyond purely technical metrics in their communications. Instead, they express cyberthreats as corporate risks, for example in the form of potential revenue losses or their impact on business operations. This can transform cybersecurity from a cost factor to a recognised driver for the business.

Zero concepts as a basic principle

The zero concepts (zero trust, zero-day, zero hour and patient zero) are inextricably linked and form the basis for the strategic development of cyberdefence. In this regard, it is the CISO’s duty to support and successfully implement this transformation as an interface between business and IT. After all, zero trust is the cybersecurity approach to limiting cyber risks and creating a secure foundation for the company’s development plans. 

But how does a CISO shape this role and what does that mean for the cyberdefence strategy?

Recommendations for CISOs

  1. Adopt zero trust as a strategic philosophy: zero trust means introducing a cultural and operational change that goes beyond merely implementing tools. This can be done gradually, starting with identity and access management (IAM) and ‘low-hanging fruit’, i.e. areas where the benefits will quickly become apparent. It is the CISO’s role to demonstrate the business benefits of the measures, for example secure remote working or a digital transformation that complies with data protection regulations.
  2. Strengthen supply chain security: reports of zero-day vulnerabilities in security products have become increasingly frequent. The Google Threat Intelligence Group (GTIG) analysed 75 zero-day vulnerabilities exploited in 2024; of those targeting enterprise products, more than 60% were in security and networking products. Companies should therefore also treat security vendors and critical third-party software in accordance with zero trust principles, for example by segmenting and monitoring their management interfaces and by preparing a rehearsed emergency patching procedure for them.
  3. Prioritise security with a focus on people: in many instances, the first victim of an attack – patient zero – is a person whose account or device is compromised. As such, employees play a central role in cybersecurity, both as targets and as the first line of defence. This makes it important to promote security awareness and develop a security culture that is actively practised throughout the company.
  4. Financially quantify cyber risks: the ability to assess risks in financial terms is decisive at the zero hour, the moment at which a company detects an attack and has to make quick decisions. A fact-based estimate of the potential financial impact makes it possible to set priorities correctly, mobilise resources in a targeted manner and manage crisis communications effectively. As a result, cybersecurity becomes not just a technical discipline within the company, but also a business one. FAIR (Factor Analysis of Information Risk) is designed specifically for quantifying cyber risk and potential losses in monetary terms; NIST SP 800-30 provides a structured risk assessment process, but its scales are largely qualitative, so it complements rather than replaces financial quantification.
  5. Strengthen business continuity management (BCM): in an emergency, every second counts, especially at the zero hour. That is when it becomes clear how well-prepared a company is for a cyberattack. Emergency plans must be tested and reviewed regularly to confirm that disaster recovery measures work in the event of a cyberattack and that the defined recovery time objective (RTO) and recovery point objective (RPO) can actually be met. Tabletop exercises help to improve collaboration between the cybersecurity team and the various departments in an emergency.
  6. Continuous monitoring and adaptation: with zero-day exploits in particular, there is a clear need for companies to continually monitor their own environment. As such attacks often occur without forewarning, companies must be able to detect anomalies in real time, respond quickly and dynamically adapt their defence mechanisms. It is only through such agility that a company can remain resilient in the face of unpredictable threats.
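As an added worked example for recommendation 4 (not code from the article, and not the FAIR standard's or any vendor's tooling): a minimal FAIR-style Monte Carlo simulation. It decomposes risk into loss event frequency and loss magnitude, samples thousands of simulated years, and reports the figures that matter at the zero hour: the expected annual loss and the 1-in-10- and 1-in-100-year tail values. The scenario inputs are constructed analyst estimates, not data from any company.

```python
"""FAIR-style Monte Carlo estimate of annualised loss for one risk scenario.

Added example, not code from the article and not the FAIR standard's own
tooling. The scenario inputs in the demo are constructed analyst estimates.
"""
import math
import random

Z90 = 1.2815515655446004  # standard-normal 90th-percentile z-score


def poisson(rng, lam):
    """Knuth's Poisson sampler (Python's random module has none)."""
    limit, k, p = math.exp(-lam), 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1


def lognormal_params(median, p90):
    """Map analyst estimates (median, 90th percentile) to lognormal mu, sigma."""
    mu = math.log(median)
    sigma = (math.log(p90) - mu) / Z90
    return mu, sigma


def simulate_annual_loss(lef_mean, lm_median, lm_p90, years=20000, seed=1):
    """Simulate `years` of losses for one scenario.

    Loss event frequency (LEF): Poisson, mean `lef_mean` events per year.
    Loss magnitude (LM) per event: lognormal calibrated from the analyst's
    median and 90th-percentile estimates. Annual loss = sum over that year's events.
    """
    rng = random.Random(seed)
    mu, sigma = lognormal_params(lm_median, lm_p90)
    losses = []
    for _ in range(years):
        events = poisson(rng, lef_mean)
        losses.append(sum(rng.lognormvariate(mu, sigma) for _ in range(events)))
    return losses


def percentile(values, q):
    ordered = sorted(values)
    idx = min(len(ordered) - 1, int(round(q * (len(ordered) - 1))))
    return ordered[idx]


def summarise(losses):
    """Expected annual loss plus the tail figures a CISO takes to the board."""
    return {
        "mean": sum(losses) / len(losses),  # annualised loss expectancy (ALE)
        "p50": percentile(losses, 0.50),
        "p90": percentile(losses, 0.90),    # 1-in-10-year loss
        "p99": percentile(losses, 0.99),    # 1-in-100-year loss
        "p_zero_loss_year": sum(1 for x in losses if x == 0) / len(losses),
    }


def analytic_ale(lef_mean, lm_median, lm_p90):
    """Closed-form mean, E[LEF] * E[LM], as a calibration check on the sampler."""
    mu, sigma = lognormal_params(lm_median, lm_p90)
    return lef_mean * math.exp(mu + sigma ** 2 / 2)


if __name__ == "__main__":
    # Constructed scenario: compromise of an internet-facing webmail server,
    # ~2 loss events/year, typical event 50k, 1-in-10 event 250k (currency units).
    losses = simulate_annual_loss(2.0, 50_000, 250_000, seed=7)
    for key, value in summarise(losses).items():
        if key == "p_zero_loss_year":
            print(f"{key:>17}: {value:.3f}")
        else:
            print(f"{key:>17}: {value:,.0f}")
    print(f"{'analytic mean':>17}: {analytic_ale(2.0, 50_000, 250_000):,.0f}")
```

The analytic mean is only there to confirm the sampler is calibrated; the value of the simulation is the tail (p90, p99), which the mean hides and which is what actually drives decisions on reserves, cyber insurance limits and where to spend the next budget. FAIR's full ontology further splits loss magnitude into primary and secondary loss and loss event frequency into threat event frequency and vulnerability; the two-factor version here is the minimum that still produces a defensible figure.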

 
